On Wed, Dec 22, 2021 at 12:17:57PM -0500, Yael Tiomkin wrote:

The encrypted.c class supports instantiation of encrypted keys with
either an already-encrypted key material, or by generating new key
material based on random numbers. To support encryption of
user-provided decrypted data, this patch defines a new datablob
format: [<format>] <master-key name> <decrypted data length>
<decrypted data>.

So, the code change looks quite legit but why is this needed?

This part is missing from the commit message.

/Jarkko